CVE-2022-45871: n/a in n/a

Severity: Medium
Type: Vulnerability
CVE: CVE-2022-45871
Tags: cve, cve-2022-45871, n-a, cwe-20
Published: Tue Dec 13 2022 (12/13/2022, 00:00:00 UTC)
Source: CVE
Vendor/Project: n/a
Product: n/a

Description

A Denial-of-Service (DoS) vulnerability was discovered in the fsicapd component used in WithSecure products whereby the service may crash while parsing an ICAP request. The exploit can be triggered remotely by an attacker.

AI-Powered Analysis

Last updated: 06/21/2025, 18:38:13 UTC

Technical Analysis

CVE-2022-45871 is a Denial-of-Service (DoS) vulnerability identified in the fsicapd component used within WithSecure products. The vulnerability arises from improper input validation when parsing ICAP (Internet Content Adaptation Protocol) requests. An attacker can remotely send crafted ICAP requests to the vulnerable service, causing it to crash. This crash results in a denial of service, disrupting the availability of the affected service. The vulnerability is categorized under CWE-20, which relates to improper input validation, indicating that the component does not adequately verify or sanitize incoming data before processing. No specific affected product versions or patches have been disclosed publicly, and there are no known exploits in the wild at this time. The fsicapd service is likely part of WithSecure's security or content filtering solutions that utilize ICAP for content adaptation or scanning. Since the vulnerability can be triggered remotely without authentication, it presents a risk of service disruption to any organization deploying the affected WithSecure products that incorporate this component. The lack of detailed product/version information limits precise identification of impacted deployments, but the nature of the vulnerability suggests it could affect network perimeter or gateway security devices relying on ICAP services for content inspection or filtering.

Potential Impact

For European organizations, the primary impact of CVE-2022-45871 is the potential disruption of critical security infrastructure that relies on WithSecure products using the fsicapd component. A successful exploitation would cause service crashes, leading to denial of service conditions that could interrupt content filtering, malware scanning, or other security functions provided by the ICAP service. This disruption could degrade the organization's security posture by temporarily disabling protective controls, increasing exposure to other threats. Organizations in sectors with high dependency on continuous network security operations—such as finance, healthcare, telecommunications, and critical infrastructure—may experience operational interruptions or compliance challenges. Additionally, since the vulnerability can be exploited remotely without authentication, attackers could launch DoS attacks from external networks, potentially as part of larger multi-vector campaigns. However, the absence of known exploits in the wild and the medium severity rating suggest the threat is moderate but should not be underestimated, especially in environments where availability of security services is critical.

Mitigation Recommendations

Given the lack of publicly available patches or version details, European organizations should take proactive steps to mitigate the risk:

1) Identify and inventory all WithSecure products deployed within the environment, focusing on those that utilize ICAP services or the fsicapd component.
2) Restrict network access to the ICAP service to trusted internal networks or specific management hosts using firewall rules or network segmentation to reduce exposure to remote attackers.
3) Monitor network traffic for unusual or malformed ICAP requests that could indicate exploitation attempts, leveraging intrusion detection or prevention systems with custom signatures if possible.
4) Engage with WithSecure support or vendor channels to obtain detailed information on affected versions and available patches or updates addressing this vulnerability.
5) Implement robust logging and alerting on the ICAP service to detect crashes or restarts promptly, enabling rapid incident response.
6) As a temporary measure, consider disabling the ICAP service if it is not critical or if alternative security controls can be deployed until a patch is available.

These targeted actions go beyond generic advice by focusing on network-level controls, vendor engagement, and operational monitoring specific to the ICAP service and fsicapd component.
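For the monitoring step above, the following added example (not WithSecure code and not part of the original page) flags ICAP requests whose header block departs from the RFC 3507 structure. The advisory does not say which malformed input triggers the crash, so this checks general well-formedness only; the function name, size limit and sample hosts are assumptions.

```python
import re
# Limits below are assumptions for this example, not values from the advisory.
MAX_HEADER_BYTES = 8192
METHODS = {"REQMOD", "RESPMOD", "OPTIONS"}
BODY_PARTS = {"req-body", "res-body", "opt-body", "null-body"}
ALL_PARTS = BODY_PARTS | {"req-hdr", "res-hdr"}
REQ_LINE = re.compile(rb"([A-Z]+) icap://[\x21-\x7e]+ ICAP/1\.0")
HDR_NAME = re.compile(rb"[!#$%&'*+.^_`|~0-9A-Za-z-]+")
ENC_ITEM = re.compile(rb"([a-z-]+)=([0-9]{1,10})")

def check_icap_request(raw: bytes) -> list[str]:
    """Return findings (empty = well-formed). OPTIONS may omit Encapsulated (example's choice)."""
    head, sep, _ = raw.partition(b"\r\n\r\n")
    if not sep or len(head) > MAX_HEADER_BYTES:
        return ["header block unterminated or over size limit"]
    lines = head.split(b"\r\n")
    m = REQ_LINE.fullmatch(lines[0])
    if not m or m.group(1).decode() not in METHODS:
        return ["malformed request line"]
    method, findings, headers = m.group(1).decode(), [], {}
    for line in lines[1:]:
        name, colon, value = line.partition(b":")
        if not colon or not HDR_NAME.fullmatch(name):
            findings.append("malformed header line")
        else:
            headers[name.lower()] = value.strip()
    if b"host" not in headers:
        findings.append("missing Host header")
    enc = headers.get(b"encapsulated")
    if enc is None:
        return findings + (["missing Encapsulated header"] if method != "OPTIONS" else [])
    last, parts = -1, []
    for item in enc.split(b","):
        im = ENC_ITEM.fullmatch(item.strip())
        if not im or im.group(1).decode() not in ALL_PARTS:
            return findings + ["malformed Encapsulated entry"]
        if int(im.group(2)) < last:
            findings.append("Encapsulated offsets decrease")
        last = int(im.group(2))
        parts.append(im.group(1).decode())
    if parts[-1] not in BODY_PARTS:
        findings.append("Encapsulated list does not end with a body part")
    return findings

# Constructed sample requests (not captured traffic).
GOOD = (b"REQMOD icap://icap.example.net/scan ICAP/1.0\r\n"
        b"Host: icap.example.net\r\nEncapsulated: req-hdr=0, null-body=170\r\n\r\n")
BAD = b"REQMOD icap://icap.example.net/scan ICAP/1.0\r\nEncapsulated: req-hdr=0, null-body=-1\r\n\r\n"
```

Run over reassembled ICAP streams from a sensor or proxy log, a non-empty findings list is a candidate for alerting or for correlation with fsicapd crash and restart events.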

Technical Details

Data Version: 5.1
Assigner Short Name: mitre
Date Reserved: 2022-11-23T00:00:00.000Z
Cisa Enriched: true

Threat ID: 682d984ac4522896dcbf7296

Added to database: 5/21/2025, 9:09:30 AM

Last enriched: 6/21/2025, 6:38:13 PM

Last updated: 7/25/2025, 2:38:09 PM
